Cyberattacks against manufacturing companies continue to grow. In the UK alone, 48 percent of manufacturers claim to have been victims of an attack in 2018. And, according to Verizon’s 2018 Data Breach Investigation Report, 47 percent of all attacks in manufacturing involved the theft of intellectual property, with 66 percent of attacks stemming from hacking and 34 percent from malware.
Because manufacturers operate with a complex combination of platforms and systems of varying ages and degrees of specialization (complicated by the shift to Industry 4.0), it can be particularly challenging for IT to provide reliable security across the entire hyperconnected and increasingly complex network. Old appliances and technologies typically aren’t a high priority for security and can often be forgotten, unpatched and left vulnerable. With external hackers accounting for 89 percent of all attacks in manufacturing, you should expect that cyber criminals leave no hardware unturned when it comes to finding an entry point into the networks. They know that many manufacturers are running outdated systems with readily exploitable vulnerabilities, or that they’re transitioning to new, more connected technologies that often have additional security concerns, such as IoT.
In fact, the back offices of manufacturing and factory facilities present a very legitimate—yet often neglected—attack vector that attackers can infiltrate to make lateral movements through an organization’s network and even into the manufacturing floor. While a lack of investment in cybersecurity is one of the biggest risk factors for manufacturers, there are also several older technologies that can be found throughout most manufacturing facilities—everywhere from the back office, to the factory floor—and should be phased out or patched to help shore up holes in the network. Here’s a list of devices you may be overlooking:
- Printers – From stealing hidden documents to hacking the entire IT infrastructure, hackers can create a plethora of problems through a single unsecured printer. In order to make printers safe, the passwords assigned by the machines’ manufacturers must be changed before the first company use. Next, IT/security teams should carefully determine who will be responsible for controlling their business’s printers and make sure that all of the devices are securely connected to the internet (or not connected at all). If printers or scanners are replaced every few years, it may be necessary to create a destruction strategy for those machines as well, or at least their hard drives.
- Fax Machines – According to a 2017 Spiceworks poll, 62 percent of companies still use physical fax machines. And like printers, many of the passwords for these machines are never updated from the default provided by the manufacturer, which is a major security no-no. Left unsecured, fax machines present an easy target for cybercriminals hunting for confidential data. Hackers who infiltrate these devices can seize the distribution power to send sensitive fax documents wherever they want, even their own email addresses. In addition to changing passwords provided by the fax machine manufacturer, you should also disable the fax machine's remote use and management options, or at least secure them with a VPN.
- Video Conference Systems – The level of security found in conference room video systems is typically pretty low and although the technology is used frequently for meetings and calls as part of most day-to-day company operations, it can easily be neglected and therefore left vulnerable. Smart cybercriminals can actively look for opportunities to hack video conferencing systems connected to public Wi-Fi networks. Video conference systems are a prime target for hackers, as they can exploit the hardware’s vulnerabilities to spy on highly confidential conversations and company meetings. For this reason, manufacturing companies are urged to create private networks for conference rooms and only install public internet connections when absolutely necessary. If you do connect your video conferencing system to the internet, consider additional controls, like VPNs, to secure its communications. The rule about changing factory-set passwords also applies here, as it does for all IoT devices.
- Ventilation, Heating and Cooling Systems – A breached ventilation, heating or cooling system can evolve into an attack severe enough to cause a company's entire sales operation to collapse, as we saw with the Target breach. These systems are often installed by people with limited IT experience, which makes them a more likely place for hackers to find an entry point into a company’s network. Testing IoT devices, their management systems, and their sensors before installation, assigning unique passwords, and regularly updating software are important steps toward preventing compromise.
- Security Cameras and Door Access Systems – Security cameras and door access systems at manufacturing companies can also present considerable danger. You should implement detailed defense controls, but also carefully consider how you use them and what authority within the company will control them. Because deficiencies in physical security can affect cybersecurity, we recommend penetration tests and network controls for detecting and eliminating the weaknesses in surveillance cameras and door access systems.
- Manufacturing Devices on the Factory Floor – Stuxnet, a highly sophisticated computer worm first identified in 2010, proved that malicious actors could directly infect the programmable logic controllers (PLCs) of actual equipment used in manufacturing (in this case, a centrifuge used to manufacture weaponizable grade uranium). This same type of attack could translate to any manufacturing device on a factory floor that is controlled by a PLC and software. Your specialized hardware likely runs “software” too. Be sure to update it if the software vendor releases firmware updates. At the very least, air gap or firewall these devices.
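
The checklist above can be run against an asset inventory so that overlooked devices surface automatically. The following is an added example, not part of the original article: the `Device` fields, rule wording and device names are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    kind: str                # printer | fax | video_conf | hvac | camera | plc
    default_password: bool   # factory-set credential still in place
    remote_mgmt: str         # "off", "vpn" or "open"
    network: str             # "airgapped", "firewalled", "private" or "public"
    firmware_current: bool   # latest vendor firmware/software applied

def audit(dev: Device) -> list[str]:
    """Return the checklist's remediation steps that still apply to one device."""
    todo = []
    if dev.default_password:
        todo.append("change factory-set password")
    if dev.remote_mgmt == "open":
        todo.append("disable remote management or restrict it to a VPN")
    if dev.kind in ("printer", "video_conf") and dev.network == "public":
        todo.append("move to a private network or secure the link with a VPN")
    if dev.kind == "plc" and dev.network not in ("airgapped", "firewalled"):
        todo.append("air gap or firewall this device")
    if not dev.firmware_current:
        todo.append("apply vendor firmware/software update")
    return todo

def report(inventory: list[Device]) -> dict[str, list[str]]:
    """Map device name -> open findings, worst first; clean devices are omitted."""
    hits = {d.name: audit(d) for d in inventory}
    ranked = sorted((n for n in hits if hits[n]), key=lambda n: -len(hits[n]))
    return {n: hits[n] for n in ranked}

# Constructed sample inventory (hypothetical names, not from the article).
INVENTORY = [
    Device("office-printer-2", "printer", True, "open", "public", False),
    Device("front-desk-fax", "fax", True, "open", "private", True),
    Device("boardroom-vc", "video_conf", False, "vpn", "private", True),
    Device("rooftop-hvac", "hvac", False, "off", "private", False),
    Device("line3-plc", "plc", False, "off", "private", False),
]

if __name__ == "__main__":
    for name, todo in report(INVENTORY).items():
        print(f"{name}: {len(todo)} open item(s)")
        for item in todo:
            print(f"  - {item}")
```
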
While old appliances and technologies contribute to the insecurity of your manufacturing network, today’s cybercriminals take a multi-prong approach when attacking organizations. It’s no longer enough to just secure the network and computing devices. Hackers are targeting employees with email and social media scams, and even dumpster diving to get documents that haven’t been shredded. As you move forward with your security strategy, remember to always have visibility into your connected devices, scan often, and keep devices (old and new) updated.
Corey Nachreiner is CTO at WatchGuard Technologies.